The getpass() function displays a prompt to, and
reads in a password from, /dev/tty. If this file
is not accessible, getpass() displays the prompt
on the standard error output and reads from the standard input.

The password may be up to _PASSWORD_LEN
(currently 128, as defined in the
<pwd.h>
include file) characters in length. Any additional characters and the
terminating newline character are discarded.

getpass() turns off character echoing while reading
the password.

The calling process should zero the password with
explicit_bzero(3) as
soon as possible to avoid leaving the cleartext password visible in the
process's address space.

Upon successful completion, getpass() returns a
pointer to a NUL-terminated string of at most
_PASSWORD_LEN characters. If an error is
encountered, the terminal state is restored and a null pointer is returned.

Historically, BSD versions of
getpass() have accepted a password on the
standard input if /dev/tty is unavailable. This
contradicts X/Open Portability Guide
Issue 4, Version 2 (“XPG4.2”) but the
OpenBSD implementation is conformant in all other
respects. Removed from IEEE Std 1003.1-2001
(“POSIX.1”).